PolarSSL 1.2.6 released

Description

Security related

This release further reduces a possible timing side channel in the PolarSSL SSL module: during decryption of an incoming record, badly formatted padding could previously change how long processing took, which an attacker can measure.

In addition, a possible timing difference caused by bad padding in PKCS#1 v1.5 operations has been reduced.
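The two fixes above address the same class of defect: a padding check whose running time depends on where, or whether, the padding is malformed. The following C example is added here as an illustration and is not PolarSSL code. It compares a naive EME-PKCS1-v1_5 unpadding routine (block format 00 || 02 || PS || 00 || M, with PS at least 8 non-zero bytes) that exits early and stops scanning at the first zero byte, with a version that examines every byte, folds every condition into one mask, and branches only once at the end. The helper names, the 16-byte toy block size and the sample vectors are assumptions constructed for the example; real RSA blocks are the size of the modulus.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constant-time helpers: return 0xFF or 0x00 without a data-dependent branch.
 * Assumed operands are far smaller than SIZE_MAX / 2 (true for RSA block sizes). */
static unsigned char ct_lt(size_t a, size_t b)          /* 0xFF iff a < b */
{
    size_t diff = a - b;                                /* wraps (top bit set) iff a < b */
    return (unsigned char)(0u - (unsigned char)(diff >> (sizeof(size_t) * CHAR_BIT - 1)));
}
static unsigned char ct_is_zero(size_t x) { return ct_lt(x, 1); }      /* 0xFF iff x == 0 */
static unsigned char ct_eq(size_t a, size_t b) { return ct_is_zero(a ^ b); }

/* Naive unpadding: returns as soon as a check fails and stops scanning at the
 * first zero byte, so its running time depends on how the block is malformed. */
int pkcs1_v15_unpad_naive(const unsigned char *em, size_t em_len,
                          unsigned char *out, size_t *out_len)
{
    size_t i;
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return -1;                                      /* early exit */
    for (i = 2; i < em_len; i++)
        if (em[i] == 0x00)
            break;                                      /* scan length depends on the data */
    if (i == em_len || i < 10)
        return -1;                                      /* no separator, or PS shorter than 8 */
    *out_len = em_len - i - 1;
    memcpy(out, em + i + 1, *out_len);
    return 0;
}

/* Same check, but every byte is examined and every condition is folded into
 * `bad` before the single final branch. The message copy is masked so its
 * memory accesses do not depend on the separator position either.
 * `out` must have room for em_len bytes. */
int pkcs1_v15_unpad_ct(const unsigned char *em, size_t em_len,
                       unsigned char *out, size_t *out_len)
{
    unsigned char bad = 0;      /* non-zero once any check has failed */
    unsigned char found = 0;    /* 0xFF once the first zero byte has been seen */
    size_t sep = 0;             /* index of that first zero byte */
    size_t i, s, k;

    if (em_len < 11)
        return -1;              /* the block length is public; this branch leaks nothing secret */

    bad |= em[0] ^ 0x00;
    bad |= em[1] ^ 0x02;

    for (i = 2; i < em_len; i++) {                      /* always scans the whole block */
        unsigned char is_zero = ct_is_zero(em[i]);
        unsigned char first = is_zero & (unsigned char)~found;
        sep |= i & (size_t)(0 - (size_t)(first & 1));   /* record the index only for the first zero */
        found |= is_zero;
    }
    bad |= (unsigned char)~found;                       /* no separator at all */
    bad |= ct_lt(sep, 10);                              /* PS must be >= 8 bytes, i.e. sep >= 10 */

    /* Masked copy: only the candidate s == sep contributes non-zero bytes. */
    memset(out, 0, em_len);
    for (s = 10; s < em_len; s++) {
        unsigned char m = ct_eq(s, sep);
        for (k = 0; s + 1 + k < em_len; k++)
            out[k] |= em[s + 1 + k] & m;
    }
    *out_len = em_len - sep - 1;

    return bad ? -1 : 0;        /* the only secret-dependent branch, after all the work is done */
}

/* Constructed 16-byte sample blocks (not real RSA output). Returns 1 if both
 * routines accept the well-formed block and reject the three malformed ones. */
int demo_check(void)
{
    static const unsigned char good[16]     = { 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                                0x77, 0x88, 0x00, 'h', 'e', 'l', 'l', 'o' };
    static const unsigned char short_ps[16] = { 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                                0x77, 0x00, 'h', 'e', 'l', 'l', 'o', '!' };
    static const unsigned char no_sep[16]   = { 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                                0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee };
    static const unsigned char bad_type[16] = { 0x00, 0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                                0x77, 0x88, 0x00, 'h', 'e', 'l', 'l', 'o' };
    unsigned char out[16];
    size_t n;
    int ok = 1;
    ok &= pkcs1_v15_unpad_ct(good, 16, out, &n) == 0 && n == 5 && memcmp(out, "hello", 5) == 0;
    ok &= pkcs1_v15_unpad_naive(good, 16, out, &n) == 0 && n == 5 && memcmp(out, "hello", 5) == 0;
    ok &= pkcs1_v15_unpad_ct(short_ps, 16, out, &n) == -1 && pkcs1_v15_unpad_naive(short_ps, 16, out, &n) == -1;
    ok &= pkcs1_v15_unpad_ct(no_sep, 16, out, &n) == -1 && pkcs1_v15_unpad_naive(no_sep, 16, out, &n) == -1;
    ok &= pkcs1_v15_unpad_ct(bad_type, 16, out, &n) == -1 && pkcs1_v15_unpad_naive(bad_type, 16, out, &n) == -1;
    return ok;
}

int main(void)
{
    printf("sample vectors %s\n", demo_check() ? "behave as expected" : "FAILED");
    return 0;
}
```

Both routines reject the same inputs; the difference is only in how much work they do before answering, which is exactly what a remote timing measurement observes. The masked copy is quadratic in the block size, which is acceptable for RSA block lengths and avoids a data-dependent memcpy length in the access pattern.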

Contains fixes for:

CVE-2013-0169 - TLS and DTLS protocol issue (Lucky Thirteen)

CVE-2013-1621 - Out-of-bounds comparisons

Changes

The internals of rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(), rsa_pkcs1_sign() and rsa_pkcs1_verify() have been cleaned up and split so as to separate the PKCS#1 v1.5 and PKCS#1 v2.1 functionality. The PKCS#1 v2.1 RSA encrypt and decrypt functions now support custom labels.

On request, we have re-added handling of SSLv2 Client Hello messages when the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set.

As a minor change, the provided SSL session cache module (ssl_cache) now also retains peer_cert information (just the peer certificate, not the entire chain) for use after a session is resumed.

Bug fixes

Bug fixes include removing a memory leak from the SSL module, correcting a counter bug in the GCM module, and improving support for MS Visual Studio on 64-bit systems, for the ARM platform and for little-endian systems.